Re: Portfowarding on Cisco 1800



On Aug 22, 9:41 am, Lyle <lyle.cu...@xxxxxxxxx> wrote:
On Aug 22, 3:15 pm, Trendkill <jpma...@xxxxxxxxx> wrote:



On Aug 22, 7:44 am, Lyle <lyle.cu...@xxxxxxxxx> wrote:

Hello,

Network setup is as follows. Cisco 1800 with one public IP on the ATM
interface. The ethernet interface has a 192.168.1.1 address. The ISP
has configured the router so it passes all traffic to 192.168.1.2
which is our firewall.

We have a new device at the 192.168.1.3 address.

I would like the ISP to forward just https traffic to the new device.

This is possible, no? Because they say it is not.

Thanks,

Lyle

They are probably one to one NATing and what you are asking for is
port address translation (PAT).  That way you can forward different
ports to different internal IP addresses.  This should definitely be
possible, although I'm making assumptions on your setup.  If you can
paste your router config (omit passwords and hide your external IP
address), then someone here can definitely answer your question.

Thanks for your reply. I wish I could paste the config here but I don't
have access to the router. I assume they are doing one-to-one NAT to
our firewall because we have a VPN up and running and they never asked
about which ports to forward. So if this is the case, that they are
doing one-to-one NAT, I can't do any policy based routing, right?

There is nothing you can do if they are doing one-to-one NAT, unless
of course you want to install a router in between and do your own NAT/
PAT. I've never really tried that kind of NAT to NAT, but there are
some folks on this board with some deeper experience in the internet
security side than me. May be worth trying, although getting them to
change to PAT shouldn't be that big of a problem. They can forward
443 to the one server, and everything else to the firewall. Although
don't you want your web server behind your firewall anyway, so can't
you put a rule in there to forward 443 to an internal address? Use
that as your NAT to PAT instead?
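
The change discussed in this thread, sketched as Cisco IOS NAT configuration. This is an added example, not the ISP's actual configuration and not posted by anyone in the thread. It assumes the router currently holds a static one-to-one entry for the firewall, as the posters guess; PUBLIC_IP and the interface names are placeholders.

```cisco
! Added example; PUBLIC_IP and interface names are placeholders (assumptions).
interface FastEthernet0/0
 description LAN side, address taken from the post
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface ATM0/0/0.1 point-to-point
 description WAN side holding the single public IP (name assumed)
 ip nat outside
!
! Assumed current state: one-to-one NAT. Every inbound port on PUBLIC_IP
! is translated to the firewall at 192.168.1.2.
ip nat inside source static 192.168.1.2 PUBLIC_IP
!
! Requested change: a port-specific static entry (PAT) for TCP 443 only.
! The more specific entry wins for HTTPS, and the one-to-one entry
! above keeps handling all other traffic, including the VPN.
ip nat inside source static tcp 192.168.1.3 443 PUBLIC_IP 443 extendable
```

With the port entry in place, HTTPS reaches 192.168.1.3 without passing through the firewall's rule set, which is the trade-off raised at the end of the last reply. `show ip nat translations` on the router lists both static entries so the mapping can be confirmed.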